#!/bin/bash

rm -rf ca-*
rm -rf ca.crt
rm -rf pem2
rm -rf server-*

openssl genrsa -out ca-key.pem 2048

echo "ca"

openssl req -new -config ca.cnf -key ca-key.pem -sha256 -out ca-csr.pem

sync

openssl x509 -req -extfile ca.cnf -extensions v3_req -days 3650 -in ca-csr.pem -signkey ca-key.pem -sha256 -out ca-cert.pem

sync

openssl x509 -outform  der -in ca-cert.pem -out ca.crt

sync

openssl genrsa -out  server-key.pem 2048

sync

echo "server"
openssl req -new -config server.cnf -key server-key.pem -sha256 -out server-csr.pem

sync

openssl x509 -req -CA ca-cert.pem -CAkey ca-key.pem -CAcreateserial -extfile server.cnf -extensions v3_req -days 7300 -in server-csr.pem -sha256  -out server-cert.pem

sync 

mkdir pem2
cp ca.crt pem2
cp ca-cert.pem pem2
cp server-key.pem pem2
cp server-cert.pem pem2

cp -rf pem2 ../server/
rm -rf ca-*
rm -rf ca.crt
rm -rf pem2
rm -rf server-*
